All 5 known CVEs affecting oauthenticator, with AI-generated Chinese analysis, references, and POCs where available.
Vendor: jupyterhub
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-33175 | OAuthenticator: Authentication Bypass in Auth0OAuthenticator via Unverified Email Claims | CWE-287 | 8.8 | High | 2026-04-03 |
| CVE-2024-37300 | Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0 | CWE-863 | 8.1 | High | 2024-06-12 |
| CVE-2024-29033 | GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace | CWE-285 | 7.5 | High | 2024-03-20 |
| CVE-2022-31027 | Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator in oauthenticator | CWE-639 | 4.2 | Medium | 2022-06-06 |
| CVE-2020-26250 | Base class whitelist configuration ignored in OAuthenticator | CWE-863 | 6.3 | Medium | 2020-12-01 |